General
-
Target
9da63c8fbd118cb004ed3c04f0899c800cb752df178407a561661e14ef72a295.elf
-
Size
32KB
-
Sample
240419-b5kj6sec7v
-
MD5
143739220e3511a29f0622274c0ea575
-
SHA1
8a0f4450ac2b1fa9392203585630a13490bf75ee
-
SHA256
9da63c8fbd118cb004ed3c04f0899c800cb752df178407a561661e14ef72a295
-
SHA512
c66e881d223c7e4ef8a420f5e4348aa4ca4ad03564d348b2077ed38ab88a70a9da87fce1dc2d15e8f34424b7fc4c6c4275ba827a5d09b009ae4b1d04314ace4a
-
SSDEEP
384:Kvv/RyiWJTT2zZp4gnFx54G3SjkICvxzKRpOA9gMQJ0DvwqxNAnjtd6ZYMBJAhdc:KvcZY4+IG3UBOtMMqIjtdmDa3C9j3UhM
Malware Config
Extracted
mirai
UNSTABLE
jswl.bzwl888.sbs
Targets
-
-
Target
9da63c8fbd118cb004ed3c04f0899c800cb752df178407a561661e14ef72a295.elf
-
Contacts a large (210068) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-